diff options
Diffstat (limited to 'man/curvetun.8')
-rw-r--r-- | man/curvetun.8 | 196 |
1 files changed, 0 insertions, 196 deletions
diff --git a/man/curvetun.8 b/man/curvetun.8 deleted file mode 100644 index 37208b4..0000000 --- a/man/curvetun.8 +++ /dev/null @@ -1,196 +0,0 @@ -.\" netsniff-ng - the packet sniffing beast -.\" Copyright 2013 Daniel Borkmann. -.\" Subject to the GPL, version 2. - -.TH CURVETUN 8 "03 March 2013" "Linux" "netsniff-ng toolkit" -.SH NAME -curvetun \- a lightweight Curve25519 IP tunnel - -.SH SYNOPSIS - -\fB curvetun\fR [\fIoptions\fR] - -.SH DESCRIPTION -curvetun is a lightweight, high-speed ECDH multiuser IP tunnel for Linux -that is based on epoll(2). curvetun uses the Linux TUN/TAP interface and -supports {IPv4, IPv6} over {IPv4, IPv6} with UDP or TCP as carrier protocols. - -It has an integrated packet forwarding trie, thus multiple users with -different IPs can be handled via a single tunnel device on the server side -and flows are scheduled for processing in a CPU affine way, at least in case -of TCP as a carrier protocol. - -As key management, public-key cryptography based on elliptic curves are being -used and packets are encrypted end-to-end by the symmetric stream cipher -Salsa20 and authenticated by the MAC Poly1305, where keys have previously -been computed with the ECDH key agreement protocol Curve25519. - -Cryptography is based on Daniel J. Bernstein's networking and cryptography -library ``NaCl''. By design, curvetun does not provide any particular pattern -or default port numbers that gives certainty that the connection from a -particular flow is actually running curvetun. - -However, if you have further needs to bypass censorship, you can try using -curvetun in combination with Tor's obfsproxy or Telex. Furthermore, curvetun -also protects you against replay attacks and DH man in the middle. -Additionally, server-side syslog event logging can also be disabled to not -reveal any critical user connection data. - -.IP " 1." 4 -obfsproxy from the TOR project -.RS 4 -\%https://www.torproject.org/projects/obfsproxy.html.en -.RE - -.IP " 2." 4 -Telex, anticensorship in the network infrastructure -.RS 4 -\%https://telex.cc/ -.RE - -.SH OPTIONS - -todo - -.SH CRYPTOGRAPHY -IP tunnels are usually used to create virtual private networks (VPN), where -parts of the network can only be reached via an unsecure or untrusted underlay -network like the Internet. Only few software exists to create such tunnels, -or, VPNs. Two popular representatives of such software are OpenVPN and VTUN. - -The latter also introduced the TUN/TAP interfaces into the Linux kernel. VTUN -only has a rather basic encryption module, that doesn't fit into todays -cryptographic needs. By default MD5 is used to create 128-Bit wide keys for -the symmetric BlowFish cipher in ECB mode [1]. - -Although OpenSSL is used in both, VTUN and OpenVPN, OpenVPN is much more -feature rich regarding ciphers and user authentication. Nevertheless, letting -people choose ciphers or authentication methods does not necessarily mean a -good thing: administrators could either prefer speed over security and -therefore choose weak ciphers, so that the communication system will be as -good as without any cipher; they could choose weak passwords for symmetric -encryption or they could misconfigure the communication system by having too -much choices of ciphers and too little experience for picking the right one. - -Next to the administration issues, there are also software development issues. -Cryptographic libraries like OpenSSL are a huge mess and too low-level and -complex to probably fully understand or correctly apply, so that they form a -further ground for vulnerabilities of such software. - -In 2010, the cryptographers Tanja Lange and Daniel J. Bernstein have therefore -created and published a cryptography library for networking, which is called -NaCl (pronounced ``salt''). NaCl challenges such addressed problems as in -OpenSSL and, in contrast to the rather generic use of OpenSSL, was created -with a strong focus on public-key authenticated encryption based on elliptic -curve cryptography, which is used in curvetun. Partially quoting Daniel J. -Bernstein: - -RSA is somewhat older than elliptic-curve cryptography: RSA was introduced -in 1977, while elliptic-curve cryptography was introduced in 1985. However, -RSA has shown many more weaknesses than elliptic-curve cryptography. RSA's -effective security level was dramatically reduced by the linear sieve in the -late 1970s, by the quadratic sieve and ECM in the 1980s, and by the -number-field sieve in the 1990s. For comparison, a few attacks have been -developed against some rare elliptic curves having special algebraic -structures, and the amount of computer power available to attackers has -predictably increased, but typical elliptic curves require just as much -computer power to break today as they required twenty years ago. - -IEEE P1363 standardized elliptic-curve cryptography in the late 1990s, -including a stringent list of security criteria for elliptic curves. NIST -used the IEEE P1363 criteria to select fifteen specific elliptic curves at -five different security levels. In 2005, NSA issued a new ``Suite B'' -standard, recommending the NIST elliptic curves (at two specific security -levels) for all public-key cryptography and withdrawing previous -recommendations of RSA. - -curvetun uses a particular elliptic curve, Curve25519, introduced in the -following paper: Daniel J. Bernstein, ``Curve25519: new Diffie-Hellman speed -records,'' pages 207-228 in Proceedings of PKC 2006, edited by Moti Yung, -Yevgeniy Dodis, Aggelos Kiayias, and Tal Malkin, Lecture Notes in Computer -Science 3958, Springer, 2006, ISBN 3-540-33851-9. - -This elliptic curve follows all of the standard IEEE P1363 security criteria. -It also follows new recommendations that achieve ``side-channel immunity'' -and ``twist security'' while improving speed. What this means is that secure -implementations of Curve25519 are considerably simpler and faster than secure -implementations of (e.g.) NIST P-256; there are fewer opportunities for -implementors to make mistakes that compromise security, and mistakes are -more easily caught by reviewers. - -An attacker who spends a billion dollars on special-purpose chips to attack -Curve25519, using the best attacks available today, has about 1 chance in -1000000000000000000000000000 of breaking Curve25519 after a year of computation. -One could achieve similar levels of security with 3000-bit RSA, but -encryption and authentication with 3000-bit RSA are not nearly fast enough -to handle tunnel traffic and would require much more space in network -packets. - -.IP " 1." 4 -Security analysis of VTun -.RS 4 -\%http://www.off.net/~jme/vtun_secu.html -.RE - -.IP " 2." 4 -NaCl: Networking and Cryptography library -.RS 4 -\%http://nacl.cr.yp.to/ -.RE - -.SH SETUP EXAMPLE -If you've never run curvetun before, you need to do an initial setup once. - -At first, make sure that the servers and clients clocks are periodically -synced, for instance, by running a ntp daemon. This is necessary to protect -against replay attacks. Also, make sure if you have read and write access to -/dev/net/tun. You should not run curvetun as root! Then, after you assured -this, the first step is to generate keys and config files. On both, the client -and server do: - -.B curvetun -k - -You are asked for a username. You can use an email address or whatever suits -you. Here, we assume, you've entered 'mysrv1' on the server and 'myclient1' -on the client side. - -Now, all necessary file have been created under ~/.curvetun. Files include -``priv.key'', ``pub.key'', ``username', ``clients'' and ``servers''. - -``clients'' and ``servers'' are empty at the beginning and need to be filled. -The ``clients'' file is meant for the server, so that it knows what clients -are allowed to connect. The ``servers'' file is for the client, where it can -select curvetun servers to connect to. Both files are kept very simple, so that -a single configuration line per client or server is sufficient. - -The client needs to export it's public key data for the server: - -.B curvetun -x - -todo - -.SH NOTE -This software is an experimental prototype intended for researchers. Likely, -it will mature over time, but it is currently not advised using this software -when life is put at risk. - -.SH LEGAL -curvetun is licensed under the GNU GPL version 2.0. - -.SH HISTORY -.B curvetun -was originally written for the netsniff-ng toolkit by Daniel Borkmann. It is -currently maintained by Tobias Klauser <tklauser@distanz.ch> and Daniel -Borkmann <dborkma@tik.ee.ethz.ch>. - -.SH SEE ALSO -.BR netsniff-ng (8), -.BR trafgen (8), -.BR mausezahn (8), -.BR bpfc (8), -.BR ifpps (8), -.BR flowtop (8), -.BR astraceroute (8) - -.SH AUTHOR -Manpage was written by Daniel Borkmann. |